[selinux-testsuite RFC PATCH 0/4] selinux-testsuite patches

[selinux-testsuite RFC PATCH 0/4] selinux-testsuite patches

[Paul Moore]

This is a small patchset I put together this morning to get the SELinux
testsuite running on my Rawhide system which was current as of a few
minutes ago.  You can pull from here if you are so inclined:

 * git://git.infradead.org/users/pcmoore/selinux_testsuite
 * http://git.infradead.org/users/pcmoore/selinux_testsuite

The only patch that is really necessary is 1/4, the change to
test_global.te.  At this point I haven't really looked closely enough at
the tests to see if it is correct, but it at least builds and the tests
all run to completion without failure.  The other three patches are
basically just style/formatting tweaks I did while working on the fix in
1/4.  Feel free to do with them what you will.

Comments are always welcome.  I'm hoping to start running this against
the upstream bits on a regular basis.

---

Paul Moore (4):
      test_policy: test_global.te fix for Fedora Rawhide (Sept 24th, 2013)
      test_policy: general Makefile cleanup
      test_policy: use RHEL instead of REDHAT in Makefile
      test_policy: create a "build" target


 policy/Makefile       |   85 ++++++++++++++++++++++++++++---------------------
 policy/test_global.te |    5 ++-
 2 files changed, 51 insertions(+), 39 deletions(-)


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

[selinux-testsuite RFC PATCH 1/4] test_policy: test_global.te fix for Fedora Rawhide (Sept 24th, 2013)

[Paul Moore]

Signed-off-by: Paul Moore <pmoore@redhat.com>
---
 policy/test_global.te |    5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/policy/test_global.te b/policy/test_global.te
index 3891f6e..49c85b1 100644
--- a/policy/test_global.te
+++ b/policy/test_global.te
@@ -5,6 +5,7 @@ policy_module(test_policy,1.0.0)
 #
 # Declarations
 #
+
 attribute testdomain;
 
 gen_require(`
@@ -34,8 +35,8 @@ miscfiles_read_test_files(testdomain)
 
 # Let the test domains set their current, exec and fscreate contexts.
 allow testdomain self:process setcurrent;
-# domain_dyntrans_type(testdomain)
-selinux_get_fs_mount(testdomain)
+#domain_dyntrans_type(testdomain)
+#selinux_get_fs_mount(testdomain)
 allow testdomain self:process setexec;
 allow testdomain self:process setfscreate;
 


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

[selinux-testsuite RFC PATCH 2/4] test_policy: general Makefile cleanup

[Paul Moore]

Signed-off-by: Paul Moore <pmoore@redhat.com>
---
 policy/Makefile |   51 +++++++++++++++++++++++++++------------------------
 1 file changed, 27 insertions(+), 24 deletions(-)

diff --git a/policy/Makefile b/policy/Makefile
index 6fb9578..5dbb655 100644
--- a/policy/Makefile
+++ b/policy/Makefile
@@ -1,36 +1,40 @@
-REDHAT_RELEASE=$(shell rpm -q redhat-release)
-REDHAT_VERS=$(shell echo $(REDHAT_RELEASE) | cut -f3 -d"-" | sed -e "s/[^0-9]*//g")
 
-POLICYDEVEL = /usr/share/selinux/devel
+POLDEV = /usr/share/selinux/devel
 SEMODULE = /usr/sbin/semodule
 CHECKPOLICY = /usr/bin/checkpolicy
-VERS := $(shell $(CHECKPOLICY) -V |cut -f 1 -d ' ')
-
-TARGETS=test_global.te test_capable_file.te test_capable_net.te \
-test_capable_sys.te test_dyntrace.te test_dyntrans.te test_entrypoint.te \
-test_execshare.te test_exectrace.te test_execute_no_trans.te \
-test_fdreceive.te test_file.te test_inherit.te test_ioctl.te test_ipc.te \
-test_link.te test_mkdir.te test_open.te test_ptrace.te test_readlink.te \
-test_relabel.te test_rename.te test_rxdir.te test_setattr.te test_setnice.te \
-test_sigkill.te test_stat.te test_sysctl.te test_task_create.te \
-test_task_getpgid.te test_task_getsched.te test_task_getsid.te \
-test_task_setpgid.te test_task_setsched.te test_transition.te test_wait.te
-
-VERS_GE_24 := $(shell [ $(VERS) -ge 24 ] && echo true )
-
-ifeq ($(VERS_GE_24),true)
-TARGETS+= test_bounds.te
+
+REDHAT_RELEASE=$(shell rpm -q redhat-release)
+REDHAT_VERS=$(shell echo $(REDHAT_RELEASE) | cut -f3 -d"-" | sed -e "s/[^0-9]*//g")
+
+POL_VERS := $(shell $(CHECKPOLICY) -V |cut -f 1 -d ' ')
+
+TARGETS = \
+	test_global.te test_capable_file.te test_capable_net.te \
+	test_capable_sys.te test_dyntrace.te test_dyntrans.te \
+	test_entrypoint.te test_execshare.te test_exectrace.te \
+	test_execute_no_trans.te test_fdreceive.te test_file.te \
+	test_inherit.te test_ioctl.te test_ipc.te test_link.te test_mkdir.te \
+	test_open.te test_ptrace.te test_readlink.te \
+	test_relabel.te test_rename.te test_rxdir.te test_setattr.te \
+	test_setnice.te test_sigkill.te test_stat.te test_sysctl.te \
+	test_task_create.te test_task_getpgid.te test_task_getsched.te \
+	test_task_getsid.te test_task_setpgid.te test_task_setsched.te \
+	test_transition.te test_wait.te
+
+ifeq ($(shell [ $(POL_VERS) -ge 24 ] && echo true),true)
+TARGETS += test_bounds.te
 endif
 
 all: $(TARGETS)
 ifeq (x$(REDHAT_VERS),$(filter x$(REDHAT_VERS),x4 x5))
 	$(MAKE) -C redhat/$(REDHAT_VERS) all
 else
-	@if [ -d $(POLICYDEVEL) ]; then \
+	@if [ -d $(POLDEV) ]; then \
 		mkdir -p test_policy; \
 		cp test_policy.if test_policy; \
-		set -e; rm -f test_policy.te; cat $(TARGETS) > test_policy/test_policy.te; \
-		cd test_policy && $(MAKE) -f $(POLICYDEVEL)/Makefile test_policy.pp; \
+		set -e; rm -f test_policy.te; \
+		cat $(TARGETS) > test_policy/test_policy.te; \
+		$(MAKE) -C test_policy -f $(POLDEV)/Makefile test_policy.pp; \
 	else \
 		echo "ERROR: You must have selinux-policy-devel installed."; \
 	fi
@@ -44,7 +48,7 @@ else
 	$(SEMODULE) -i test_policy/test_policy.pp
 endif
 
-unload:	
+unload:
 ifeq (x$(REDHAT_VERS),$(filter x$(REDHAT_VERS),x4 x5))
 	$(MAKE) -C redhat/$(REDHAT_VERS) unload
 else
@@ -54,4 +58,3 @@ endif
 
 clean:
 	rm -rf test_policy tmp
-


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

[selinux-testsuite RFC PATCH 3/4] test_policy: use RHEL instead of REDHAT in Makefile

[Paul Moore]

We also rework some of the if statements to make it easier to add
additional distributions, e.g. Fedora.

Signed-off-by: Paul Moore <pmoore@redhat.com>
---
 policy/Makefile |   34 ++++++++++++++++++++--------------
 1 file changed, 20 insertions(+), 14 deletions(-)

diff --git a/policy/Makefile b/policy/Makefile
index 5dbb655..8763143 100644
--- a/policy/Makefile
+++ b/policy/Makefile
@@ -3,8 +3,8 @@ POLDEV = /usr/share/selinux/devel
 SEMODULE = /usr/sbin/semodule
 CHECKPOLICY = /usr/bin/checkpolicy
 
-REDHAT_RELEASE=$(shell rpm -q redhat-release)
-REDHAT_VERS=$(shell echo $(REDHAT_RELEASE) | cut -f3 -d"-" | sed -e "s/[^0-9]*//g")
+RHEL_REL=$(shell rpm -q redhat-release)
+RHEL_VERS=$(shell echo $(RHEL_REL) | cut -f3 -d"-" | sed -e "s/[^0-9]*//g")
 
 POL_VERS := $(shell $(CHECKPOLICY) -V |cut -f 1 -d ' ')
 
@@ -26,9 +26,12 @@ TARGETS += test_bounds.te
 endif
 
 all: $(TARGETS)
-ifeq (x$(REDHAT_VERS),$(filter x$(REDHAT_VERS),x4 x5))
-	$(MAKE) -C redhat/$(REDHAT_VERS) all
-else
+ifeq (x$(RHEL_VERS),$(filter x$(RHEL_VERS),x4 x5))
+	# RHEL specific policy build
+	$(MAKE) -C redhat/$(RHEL_VERS) all \
+	exit $$?
+endif
+	# General policy build
 	@if [ -d $(POLDEV) ]; then \
 		mkdir -p test_policy; \
 		cp test_policy.if test_policy; \
@@ -38,23 +41,26 @@ else
 	else \
 		echo "ERROR: You must have selinux-policy-devel installed."; \
 	fi
-endif
 
 load: all
-ifeq (x$(REDHAT_VERS),$(filter x$(REDHAT_VERS),x4 x5))
-	$(MAKE) -C redhat/$(REDHAT_VERS) load
-else
+ifeq (x$(RHEL_VERS),$(filter x$(RHEL_VERS),x4 x5))
+	# RHEL specific policy load
+	$(MAKE) -C redhat/$(RHEL_VERS) load \
+	exit $$?
+endif
+	# General policy load
 	/usr/sbin/setsebool allow_domain_fd_use=0
 	$(SEMODULE) -i test_policy/test_policy.pp
-endif
 
 unload:
-ifeq (x$(REDHAT_VERS),$(filter x$(REDHAT_VERS),x4 x5))
-	$(MAKE) -C redhat/$(REDHAT_VERS) unload
-else
+ifeq (x$(RHEL_VERS),$(filter x$(RHEL_VERS),x4 x5))
+	# RHEL specific policy unload
+	$(MAKE) -C redhat/$(RHEL_VERS) unload \
+	exit $$?
+endif
+	# General policy unload
 	/usr/sbin/setsebool allow_domain_fd_use=1
 	$(SEMODULE) -r test_policy
-endif
 
 clean:
 	rm -rf test_policy tmp


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

[selinux-testsuite RFC PATCH 4/4] test_policy: create a "build" target

[Paul Moore]

Signed-off-by: Paul Moore <pmoore@redhat.com>
---
 policy/Makefile |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/policy/Makefile b/policy/Makefile
index 8763143..3a8a10d 100644
--- a/policy/Makefile
+++ b/policy/Makefile
@@ -25,7 +25,9 @@ ifeq ($(shell [ $(POL_VERS) -ge 24 ] && echo true),true)
 TARGETS += test_bounds.te
 endif
 
-all: $(TARGETS)
+all: build
+
+build: $(TARGETS)
 ifeq (x$(RHEL_VERS),$(filter x$(RHEL_VERS),x4 x5))
 	# RHEL specific policy build
 	$(MAKE) -C redhat/$(RHEL_VERS) all \


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [selinux-testsuite RFC PATCH 1/4] test_policy: test_global.te fix for Fedora Rawhide (Sept 24th, 2013)

[Serge E. Hallyn]

Quoting Paul Moore (pmoore@redhat.com):
> Signed-off-by: Paul Moore <pmoore@redhat.com>

Thanks, Paul!  This break had been reported to me and I got as far
as tracking it to its cause, but I hadn't yet figured out what to
replace it by.  I assume you're saying it's not strictly necessary :)
All the better.

Acked-by: Serge Hallyn <serge.hallyn@canonical.com>

> ---
>  policy/test_global.te |    5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)
> 
> diff --git a/policy/test_global.te b/policy/test_global.te
> index 3891f6e..49c85b1 100644
> --- a/policy/test_global.te
> +++ b/policy/test_global.te
> @@ -5,6 +5,7 @@ policy_module(test_policy,1.0.0)
>  #
>  # Declarations
>  #
> +
>  attribute testdomain;
>  
>  gen_require(`
> @@ -34,8 +35,8 @@ miscfiles_read_test_files(testdomain)
>  
>  # Let the test domains set their current, exec and fscreate contexts.
>  allow testdomain self:process setcurrent;
> -# domain_dyntrans_type(testdomain)
> -selinux_get_fs_mount(testdomain)
> +#domain_dyntrans_type(testdomain)
> +#selinux_get_fs_mount(testdomain)
>  allow testdomain self:process setexec;
>  allow testdomain self:process setfscreate;
>  

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [selinux-testsuite RFC PATCH 2/4] test_policy: general Makefile cleanup

[Serge E. Hallyn]

Quoting Paul Moore (pmoore@redhat.com):
> Signed-off-by: Paul Moore <pmoore@redhat.com>

Acked-by: Serge Hallyn <serge.hallyn@canonical.com>

> ---
>  policy/Makefile |   51 +++++++++++++++++++++++++++------------------------
>  1 file changed, 27 insertions(+), 24 deletions(-)
> 
> diff --git a/policy/Makefile b/policy/Makefile
> index 6fb9578..5dbb655 100644
> --- a/policy/Makefile
> +++ b/policy/Makefile
> @@ -1,36 +1,40 @@
> -REDHAT_RELEASE=$(shell rpm -q redhat-release)
> -REDHAT_VERS=$(shell echo $(REDHAT_RELEASE) | cut -f3 -d"-" | sed -e "s/[^0-9]*//g")
>  
> -POLICYDEVEL = /usr/share/selinux/devel
> +POLDEV = /usr/share/selinux/devel
>  SEMODULE = /usr/sbin/semodule
>  CHECKPOLICY = /usr/bin/checkpolicy
> -VERS := $(shell $(CHECKPOLICY) -V |cut -f 1 -d ' ')
> -
> -TARGETS=test_global.te test_capable_file.te test_capable_net.te \
> -test_capable_sys.te test_dyntrace.te test_dyntrans.te test_entrypoint.te \
> -test_execshare.te test_exectrace.te test_execute_no_trans.te \
> -test_fdreceive.te test_file.te test_inherit.te test_ioctl.te test_ipc.te \
> -test_link.te test_mkdir.te test_open.te test_ptrace.te test_readlink.te \
> -test_relabel.te test_rename.te test_rxdir.te test_setattr.te test_setnice.te \
> -test_sigkill.te test_stat.te test_sysctl.te test_task_create.te \
> -test_task_getpgid.te test_task_getsched.te test_task_getsid.te \
> -test_task_setpgid.te test_task_setsched.te test_transition.te test_wait.te
> -
> -VERS_GE_24 := $(shell [ $(VERS) -ge 24 ] && echo true )
> -
> -ifeq ($(VERS_GE_24),true)
> -TARGETS+= test_bounds.te
> +
> +REDHAT_RELEASE=$(shell rpm -q redhat-release)
> +REDHAT_VERS=$(shell echo $(REDHAT_RELEASE) | cut -f3 -d"-" | sed -e "s/[^0-9]*//g")
> +
> +POL_VERS := $(shell $(CHECKPOLICY) -V |cut -f 1 -d ' ')
> +
> +TARGETS = \
> +	test_global.te test_capable_file.te test_capable_net.te \
> +	test_capable_sys.te test_dyntrace.te test_dyntrans.te \
> +	test_entrypoint.te test_execshare.te test_exectrace.te \
> +	test_execute_no_trans.te test_fdreceive.te test_file.te \
> +	test_inherit.te test_ioctl.te test_ipc.te test_link.te test_mkdir.te \
> +	test_open.te test_ptrace.te test_readlink.te \
> +	test_relabel.te test_rename.te test_rxdir.te test_setattr.te \
> +	test_setnice.te test_sigkill.te test_stat.te test_sysctl.te \
> +	test_task_create.te test_task_getpgid.te test_task_getsched.te \
> +	test_task_getsid.te test_task_setpgid.te test_task_setsched.te \
> +	test_transition.te test_wait.te
> +
> +ifeq ($(shell [ $(POL_VERS) -ge 24 ] && echo true),true)
> +TARGETS += test_bounds.te
>  endif
>  
>  all: $(TARGETS)
>  ifeq (x$(REDHAT_VERS),$(filter x$(REDHAT_VERS),x4 x5))
>  	$(MAKE) -C redhat/$(REDHAT_VERS) all
>  else
> -	@if [ -d $(POLICYDEVEL) ]; then \
> +	@if [ -d $(POLDEV) ]; then \
>  		mkdir -p test_policy; \
>  		cp test_policy.if test_policy; \
> -		set -e; rm -f test_policy.te; cat $(TARGETS) > test_policy/test_policy.te; \
> -		cd test_policy && $(MAKE) -f $(POLICYDEVEL)/Makefile test_policy.pp; \
> +		set -e; rm -f test_policy.te; \
> +		cat $(TARGETS) > test_policy/test_policy.te; \
> +		$(MAKE) -C test_policy -f $(POLDEV)/Makefile test_policy.pp; \
>  	else \
>  		echo "ERROR: You must have selinux-policy-devel installed."; \
>  	fi
> @@ -44,7 +48,7 @@ else
>  	$(SEMODULE) -i test_policy/test_policy.pp
>  endif
>  
> -unload:	
> +unload:
>  ifeq (x$(REDHAT_VERS),$(filter x$(REDHAT_VERS),x4 x5))
>  	$(MAKE) -C redhat/$(REDHAT_VERS) unload
>  else
> @@ -54,4 +58,3 @@ endif
>  
>  clean:
>  	rm -rf test_policy tmp
> -

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [selinux-testsuite RFC PATCH 3/4] test_policy: use RHEL instead of REDHAT in Makefile

[Serge E. Hallyn]

Quoting Paul Moore (pmoore@redhat.com):
> We also rework some of the if statements to make it easier to add
> additional distributions, e.g. Fedora.
> 
> Signed-off-by: Paul Moore <pmoore@redhat.com>

Acked-by: Serge Hallyn <serge.hallyn@canonical.com>

> ---
>  policy/Makefile |   34 ++++++++++++++++++++--------------
>  1 file changed, 20 insertions(+), 14 deletions(-)
> 
> diff --git a/policy/Makefile b/policy/Makefile
> index 5dbb655..8763143 100644
> --- a/policy/Makefile
> +++ b/policy/Makefile
> @@ -3,8 +3,8 @@ POLDEV = /usr/share/selinux/devel
>  SEMODULE = /usr/sbin/semodule
>  CHECKPOLICY = /usr/bin/checkpolicy
>  
> -REDHAT_RELEASE=$(shell rpm -q redhat-release)
> -REDHAT_VERS=$(shell echo $(REDHAT_RELEASE) | cut -f3 -d"-" | sed -e "s/[^0-9]*//g")
> +RHEL_REL=$(shell rpm -q redhat-release)
> +RHEL_VERS=$(shell echo $(RHEL_REL) | cut -f3 -d"-" | sed -e "s/[^0-9]*//g")
>  
>  POL_VERS := $(shell $(CHECKPOLICY) -V |cut -f 1 -d ' ')
>  
> @@ -26,9 +26,12 @@ TARGETS += test_bounds.te
>  endif
>  
>  all: $(TARGETS)
> -ifeq (x$(REDHAT_VERS),$(filter x$(REDHAT_VERS),x4 x5))
> -	$(MAKE) -C redhat/$(REDHAT_VERS) all
> -else
> +ifeq (x$(RHEL_VERS),$(filter x$(RHEL_VERS),x4 x5))
> +	# RHEL specific policy build
> +	$(MAKE) -C redhat/$(RHEL_VERS) all \
> +	exit $$?
> +endif
> +	# General policy build
>  	@if [ -d $(POLDEV) ]; then \
>  		mkdir -p test_policy; \
>  		cp test_policy.if test_policy; \
> @@ -38,23 +41,26 @@ else
>  	else \
>  		echo "ERROR: You must have selinux-policy-devel installed."; \
>  	fi
> -endif
>  
>  load: all
> -ifeq (x$(REDHAT_VERS),$(filter x$(REDHAT_VERS),x4 x5))
> -	$(MAKE) -C redhat/$(REDHAT_VERS) load
> -else
> +ifeq (x$(RHEL_VERS),$(filter x$(RHEL_VERS),x4 x5))
> +	# RHEL specific policy load
> +	$(MAKE) -C redhat/$(RHEL_VERS) load \
> +	exit $$?
> +endif
> +	# General policy load
>  	/usr/sbin/setsebool allow_domain_fd_use=0
>  	$(SEMODULE) -i test_policy/test_policy.pp
> -endif
>  
>  unload:
> -ifeq (x$(REDHAT_VERS),$(filter x$(REDHAT_VERS),x4 x5))
> -	$(MAKE) -C redhat/$(REDHAT_VERS) unload
> -else
> +ifeq (x$(RHEL_VERS),$(filter x$(RHEL_VERS),x4 x5))
> +	# RHEL specific policy unload
> +	$(MAKE) -C redhat/$(RHEL_VERS) unload \
> +	exit $$?
> +endif
> +	# General policy unload
>  	/usr/sbin/setsebool allow_domain_fd_use=1
>  	$(SEMODULE) -r test_policy
> -endif
>  
>  clean:
>  	rm -rf test_policy tmp

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [selinux-testsuite RFC PATCH 4/4] test_policy: create a "build" target

[Serge E. Hallyn]

Quoting Paul Moore (pmoore@redhat.com):
> Signed-off-by: Paul Moore <pmoore@redhat.com>

Acked-by: Serge Hallyn <serge.hallyn@canonical.com>

> ---
>  policy/Makefile |    4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/policy/Makefile b/policy/Makefile
> index 8763143..3a8a10d 100644
> --- a/policy/Makefile
> +++ b/policy/Makefile
> @@ -25,7 +25,9 @@ ifeq ($(shell [ $(POL_VERS) -ge 24 ] && echo true),true)
>  TARGETS += test_bounds.te
>  endif
>  
> -all: $(TARGETS)
> +all: build
> +
> +build: $(TARGETS)
>  ifeq (x$(RHEL_VERS),$(filter x$(RHEL_VERS),x4 x5))
>  	# RHEL specific policy build
>  	$(MAKE) -C redhat/$(RHEL_VERS) all \

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [selinux-testsuite RFC PATCH 1/4] test_policy: test_global.te fix for Fedora Rawhide (Sept 24th, 2013)

[Paul Moore]

On Tuesday, September 24, 2013 04:49:25 PM Serge E. Hallyn wrote:
> Quoting Paul Moore (pmoore@redhat.com):
> > Signed-off-by: Paul Moore <pmoore@redhat.com>
> 
> Thanks, Paul!  This break had been reported to me and I got as far
> as tracking it to its cause, but I hadn't yet figured out what to
> replace it by.

No problem.

> I assume you're saying it's not strictly necessary :) All the better.

Well, I guess what I'm trying to say is that I'm not sure if this is the right 
fix, but it does at least resolve the build problems I'm seeing.  I have yet 
to check to see if it works correctly.

> Acked-by: Serge Hallyn <serge.hallyn@canonical.com>

Ack?  I thought you were the one maintaining the test suite?

> > ---
> > 
> >  policy/test_global.te |    5 +++--
> >  1 file changed, 3 insertions(+), 2 deletions(-)
> > 
> > diff --git a/policy/test_global.te b/policy/test_global.te
> > index 3891f6e..49c85b1 100644
> > --- a/policy/test_global.te
> > +++ b/policy/test_global.te
> > @@ -5,6 +5,7 @@ policy_module(test_policy,1.0.0)
> > 
> >  #
> >  # Declarations
> >  #
> > 
> > +
> > 
> >  attribute testdomain;
> >  
> >  gen_require(`
> > 
> > @@ -34,8 +35,8 @@ miscfiles_read_test_files(testdomain)
> > 
> >  # Let the test domains set their current, exec and fscreate contexts.
> >  allow testdomain self:process setcurrent;
> > 
> > -# domain_dyntrans_type(testdomain)
> > -selinux_get_fs_mount(testdomain)
> > +#domain_dyntrans_type(testdomain)
> > +#selinux_get_fs_mount(testdomain)
> > 
> >  allow testdomain self:process setexec;
> >  allow testdomain self:process setfscreate;

-- 
paul moore
security and virtualization @ redhat


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [selinux-testsuite RFC PATCH 1/4] test_policy: test_global.te fix for Fedora Rawhide (Sept 24th, 2013)

[Serge E. Hallyn]

Quoting Paul Moore (pmoore@redhat.com):
> On Tuesday, September 24, 2013 04:49:25 PM Serge E. Hallyn wrote:
> > Quoting Paul Moore (pmoore@redhat.com):
> > > Signed-off-by: Paul Moore <pmoore@redhat.com>
> > 
> > Thanks, Paul!  This break had been reported to me and I got as far
> > as tracking it to its cause, but I hadn't yet figured out what to
> > replace it by.
> 
> No problem.
> 
> > I assume you're saying it's not strictly necessary :) All the better.
> 
> Well, I guess what I'm trying to say is that I'm not sure if this is the right 
> fix, but it does at least resolve the build problems I'm seeing.  I have yet 
> to check to see if it works correctly.
> 
> > Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
> 
> Ack?  I thought you were the one maintaining the test suite?

Yes, that's me saying I'll apply that.

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [selinux-testsuite RFC PATCH 1/4] test_policy: test_global.te fix for Fedora Rawhide (Sept 24th, 2013)

[Paul Moore]

On Wednesday, September 25, 2013 09:31:28 PM Serge E. Hallyn wrote:
> Quoting Paul Moore (pmoore@redhat.com):
> > On Tuesday, September 24, 2013 04:49:25 PM Serge E. Hallyn wrote:
> > > Quoting Paul Moore (pmoore@redhat.com):
> > > > Signed-off-by: Paul Moore <pmoore@redhat.com>
> > > 
> > > Thanks, Paul!  This break had been reported to me and I got as far
> > > as tracking it to its cause, but I hadn't yet figured out what to
> > > replace it by.
> > 
> > No problem.
> > 
> > > I assume you're saying it's not strictly necessary :) All the better.
> > 
> > Well, I guess what I'm trying to say is that I'm not sure if this is the
> > right fix, but it does at least resolve the build problems I'm seeing.  I
> > have yet to check to see if it works correctly.
> > 
> > > Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
> > 
> > Ack?  I thought you were the one maintaining the test suite?
> 
> Yes, that's me saying I'll apply that.

Great, thanks.

-- 
paul moore
security and virtualization @ redhat


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [selinux-testsuite RFC PATCH 1/4] test_policy: test_global.te fix for Fedora Rawhide (Sept 24th, 2013)

[Serge E. Hallyn]

Quoting Paul Moore (pmoore@redhat.com):
> On Tuesday, September 24, 2013 04:49:25 PM Serge E. Hallyn wrote:
> > Quoting Paul Moore (pmoore@redhat.com):
> > > Signed-off-by: Paul Moore <pmoore@redhat.com>
> > 
> > Thanks, Paul!  This break had been reported to me and I got as far
> > as tracking it to its cause, but I hadn't yet figured out what to
> > replace it by.
> 
> No problem.
> 
> > I assume you're saying it's not strictly necessary :) All the better.
> 
> Well, I guess what I'm trying to say is that I'm not sure if this is the right 
> fix, but it does at least resolve the build problems I'm seeing.  I have yet 
> to check to see if it works correctly.

(I'm hoping to work on that tomorrow, fwiw)

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [selinux-testsuite RFC PATCH 1/4] test_policy: test_global.te fix for Fedora Rawhide (Sept 24th, 2013)

[Serge E. Hallyn]

Quoting Paul Moore (pmoore@redhat.com):
> On Wednesday, September 25, 2013 09:31:28 PM Serge E. Hallyn wrote:
> > Quoting Paul Moore (pmoore@redhat.com):
> > > On Tuesday, September 24, 2013 04:49:25 PM Serge E. Hallyn wrote:
> > > > Quoting Paul Moore (pmoore@redhat.com):
> > > > > Signed-off-by: Paul Moore <pmoore@redhat.com>
> > > > 
> > > > Thanks, Paul!  This break had been reported to me and I got as far
> > > > as tracking it to its cause, but I hadn't yet figured out what to
> > > > replace it by.
> > > 
> > > No problem.
> > > 
> > > > I assume you're saying it's not strictly necessary :) All the better.
> > > 
> > > Well, I guess what I'm trying to say is that I'm not sure if this is the
> > > right fix, but it does at least resolve the build problems I'm seeing.  I
> > > have yet to check to see if it works correctly.
> > > 
> > > > Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
> > > 
> > > Ack?  I thought you were the one maintaining the test suite?
> > 
> > Yes, that's me saying I'll apply that.
> 
> Great, thanks.

Thanks, Paul, all tests passed (on f19) with your patches!

-serge

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [selinux-testsuite RFC PATCH 1/4] test_policy: test_global.te fix for Fedora Rawhide (Sept 24th, 2013)

[Paul Moore]

On Friday, September 27, 2013 06:15:30 PM Serge E. Hallyn wrote:
> Quoting Paul Moore (pmoore@redhat.com):
> > On Wednesday, September 25, 2013 09:31:28 PM Serge E. Hallyn wrote:
> > > Quoting Paul Moore (pmoore@redhat.com):
> > > > On Tuesday, September 24, 2013 04:49:25 PM Serge E. Hallyn wrote:
> > > > > Quoting Paul Moore (pmoore@redhat.com):
> > > > > > Signed-off-by: Paul Moore <pmoore@redhat.com>
> > > > > 
> > > > > Thanks, Paul!  This break had been reported to me and I got as far
> > > > > as tracking it to its cause, but I hadn't yet figured out what to
> > > > > replace it by.
> > > > 
> > > > No problem.
> > > > 
> > > > > I assume you're saying it's not strictly necessary :) All the
> > > > > better.
> > > > 
> > > > Well, I guess what I'm trying to say is that I'm not sure if this is
> > > > the
> > > > right fix, but it does at least resolve the build problems I'm seeing.
> > > >  I
> > > > have yet to check to see if it works correctly.
> > > > 
> > > > > Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
> > > > 
> > > > Ack?  I thought you were the one maintaining the test suite?
> > > 
> > > Yes, that's me saying I'll apply that.
> > 
> > Great, thanks.
> 
> Thanks, Paul, all tests passed (on f19) with your patches!

Great, glad they worked for you too.

-- 
paul moore
security and virtualization @ redhat


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.